CHAPTER 3
Initial Configuration
This chapter describes the steps required to initialize and configure an SSL proxy blade for use in a network environment. This setup procedure assumes that the SSL proxy blade has already been installed according to the previous installation instructions and all relevant network cables are connected.
This chapter contains the following sections:
Before you can use the SSL proxy blade, you must initialize it with the required information using the blade console, which is accessible through the Sun Fire B1600 system controller. Once the SSL proxy blade has been initially configured, it can be managed through Telnet.
1. Gather the required information.
When the SSL proxy blade is powered on for the first time, you must set the values for the parameters listed in TABLE 3-1 before the device can operate correctly. Use the empty value column as a worksheet.
2. Set up the SSL proxy blade.
a. Log on to the SSL proxy blade.
When the SSL proxy blade console is accessed, the Login: prompt is displayed after the boot process completes.
Where n is the slot number for the SSL proxy blade.
Note - For initial setup you must be logged in as the security officer (so).
After the user name and password are validated, the command prompt is displayed: CLI#
b. Change the security officer password with the command:
For more information about user access and privileges, see User Access.
c. Run the set management command and the setup command.
After logging in for the first time you need to run the setup command before setting any configuration information. The setup command prompts you for the required information listed above.
The setup command configures the blade for the first time. You can use specific commands to change the initial parameters later.
3. Verify that the blade is connected.
a. To verify connectivity, ping any host on the same subnet from the SSL proxy blade. The ping should report the host to be alive.
Note - In the previous command the IP address (ip-addr) must be entered as a numeric IP address and not a hostname.
b. To verify Telnet, use Telnet to connect to the SSL proxy blade.
This option allows you to continue the setup process from a local area network.
Before the SSL proxy blade can process SSL traffic, the keys and certificates must be installed.
See Keys and Certificates for more information on the import and create commands.
You can create a self-signed certificate to use as a temporary certificate for testing purposes.
Or, you may create a certificate signed by a certificate authority.
3. Hand off this certificate request to a certificate authority. Use this certificate authority to generate the certificate.
After the certificates have been installed, you can create services for each server. The services enable the SSL proxy blade to process SSL traffic.
See Services for a full explanation of service settings.
1. Use the show management command to display the current SSL proxy blade configuration.
2. Use the show portpair command to list all TCP port settings:
CLI# show portpair
portpair 1: secure port: 443 clear port: 880
portpair 2: secure port: 0 clear port: 0
portpair 3: secure port: 0 clear port: 0
portpair 4: secure port: 0 clear port: 0
Other configuration information can be displayed using the commands described in TABLE 3-2.
3. Save the configuration as permanent.
When you log out, you are reminded if the configuration has not been saved and given the option to cancel the logout. Configuration changes that are not saved are lost if the SSL proxy blade is rebooted. The config compare command can determine whether the configuration in memory differs from the permanent configuration stored in flash.
4. Verify and start processing.
Note - Browsers have preloaded recognized CA certificates. Thus, with self-signed certificates as used in this example, a browser will not recognize the CA and will issue a warning.
a. Perform diagnostics (if required).
See Event Logging Commands for more details.
b. Use the following CLI# commands to display important information about the SSL proxy blade configuration.
These and other show commands are described in detail in Appendix G.
After adding certificates, services, and configuring the Sun Fire B10n content load balancing blade, you can start the SSL proxy blade using the start command. The start command is used to start the SSL proxy blade processing SSL traffic.
After the setup process is finished, and the SSL proxy blade is successfully processing traffic, use the logout command to exit the command-line interface.
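The show portpair output from step 2 can be checked against the worksheet values before the configuration is saved as permanent. The following Python script is an added example, not part of the original manual or the blade's software: it parses a captured console transcript and reports deviations from an expected secure-to-clear port mapping. The function names, the expected mapping, and the second sample capture are constructed for illustration, and treating a 0/0 pair as an unused slot is an assumption based on the sample output above.

```python
import re

# One "portpair N: secure port: S clear port: C" record. \s also matches line
# breaks, so wrapped and single-line console captures parse the same way.
PORTPAIR_RE = re.compile(
    r"portpair\s+(\d+):\s*secure port:\s*(\d+)\s*clear port:\s*(\d+)")

def parse_portpairs(text):
    """Return {pair_number: (secure_port, clear_port)} from captured output."""
    return {int(n): (int(s), int(c)) for n, s, c in PORTPAIR_RE.findall(text)}

def audit_portpairs(pairs, expected):
    """List deviations from an expected {secure_port: clear_port} worksheet.

    Assumption: a 0/0 pair is an unused slot, as in the page's sample output.
    """
    findings, active = [], {}
    for n, (secure, clear) in sorted(pairs.items()):
        if secure == 0 and clear == 0:
            continue
        if secure == 0 or clear == 0:
            findings.append(f"portpair {n}: half-configured ({secure}/{clear})")
        elif max(secure, clear) > 65535:
            findings.append(f"portpair {n}: port out of range ({secure}/{clear})")
        elif secure in active:
            findings.append(f"portpair {n}: duplicate secure port {secure}")
        else:
            active[secure] = clear
    for secure, clear in sorted(expected.items()):
        if secure not in active:
            findings.append(f"expected pair {secure}/{clear} is not configured")
        elif active[secure] != clear:
            findings.append(f"secure port {secure} is paired with clear port "
                            f"{active[secure]}, expected {clear}")
    for secure in sorted(set(active) - set(expected)):
        findings.append(f"unexpected active pair {secure}/{active[secure]}")
    return findings

# Output as shown on the page, and a constructed capture that has drifted.
PAGE_SAMPLE = """CLI# show portpair
portpair 1: secure port: 443 clear port: 880
portpair 2: secure port: 0 clear port: 0
portpair 3: secure port: 0 clear port: 0
portpair 4: secure port: 0 clear port: 0"""
DRIFTED_SAMPLE = ("portpair 1: secure port: 443 clear port: 80 "
                  "portpair 2: secure port: 8443 clear port: 0 "
                  "portpair 3: secure port: 993 clear port: 143 "
                  "portpair 4: secure port: 0 clear port: 0")

if __name__ == "__main__":
    for name, sample in (("page", PAGE_SAMPLE), ("drifted", DRIFTED_SAMPLE)):
        print(name, audit_portpairs(parse_portpairs(sample), {443: 880}))
```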
When the SSL proxy blade is installed, the management IP address is used. Telnet sessions are kept open for 30 minutes after the last activity.
1. Ping the administration port to verify proper connectivity.
You can also use the ping command to verify connection to another computer terminal from the SSL proxy blade serial port.
2. On Telnet, the Login: prompt is displayed after the following telnet command:
After connecting to the administration port on the SSL proxy blade, the Login prompt is displayed.
Use the set management command to change the default administration IP address.
CLI# set management
Enter administration IP (192.168.0.12): admin_ip-addr
Enter administration netmask (255.255.255.0): admin_netmask
Copyright © 2004, Sun Microsystems, Inc. All rights reserved.